Abstract

Safety critical systems (e.g., an avionics control system for safe flight) are often required to achieve certification under pre-established standards (e.g., DO-178B for software considerations in airborne systems and equipment certification). We have been working with our industrial partner for the last three years to develop product line assets for their avionics software product line (SPL) and, recently, we encountered two major challenges regarding certification. Firstly, an individual product must be certified, but each may require a different certification level: there might be variations in the certification requirements according to specific system usage contexts. Secondly, certification involves not only product but also process, as standards such as DO-178B also assess the quality of the development process. In this paper, we propose to include a certification view during feature modelling to provide a better understanding of the relationships between features and a certification level required for each product. The experience of introducing certification into the design model of an Unmanned Aerial Vehicle (UAV) SPL is presented to illustrate some key ideas. We also describe the lessons we have learned from this experience.